...
- Register an API Agent
- Download the Agent Certificate
- Write your code
Register an API Agent
To DualShield, your application is an API agent. Therefore, the very first step is to register your application as an API Agent in the DualShield authentication server.
To register an agent, you must first create the following objects in DualShield:
...
The type of the logon procedure should be set to "Web SSO".
The logon procedure does not have to contain any logon steps.
To register an API agent, select "Authentication | Agents" in the main menu, then click the "Register" button in the toolbar.
The type of the agent must be set to "API Agent".
Make sure that you select the application that you have created for the agent.
You can enable the "Check Agent IP" option for extra security. If this option is selected then you must provide the IP address of the machine where your application is running.
The communication protocol between the agent (i.e. your application) and DualShield is always HTTPS, so DualShield will create an SSL certificate for the agent.
The Agent Registration Data is not required.
Download the Agent Certificate
As mentioned, the communication protocol between your application and DualShield is always HTTPS. You therefore need to download the agent's certificate, which your application code will require.
You can use either PKCS12 or PEM certificate in your code.
To download a PEM format certificate, in the Agents list, click the context menu of your agent and select "Download | Agent SSL Certificate (PEM)". The certificate will be saved as "My Application.PEM". This PEM certificate contains both the certificate and the private key.
If you are using a programming language such as Python, you might want to extract the private key separately. You can use the OpenSSL tool:
...
    openssl rsa -in apicert.pem -out apikey.pem
apikey.pem is the certificate's unencrypted private key, so restrict read access to it to the account that runs your application.
To download a PKCS12 format certificate, select "Download | Agent SSL Certificate (PFX)".
Or, if your application code is in Java, you can download a JKS store directly by selecting "Download | Agent SSL Certificate (JKS)".
Write a Test Application
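Create a DualShield Class
    import json
    import ssl
    from http.client import HTTPSConnection

    class DualShield:
        headers = {"Content-Type": "application/json"}
        app_context = "/das5/rest/"

        def __init__(self, host, port, keyFile, certFile):
            self.keyFile = keyFile
            self.certFile = certFile
            # Present the agent certificate and key to the server; the default
            # context also verifies the server certificate and host name.
            context = ssl.create_default_context()
            context.load_cert_chain(certFile, keyFile)
            self.conn = HTTPSConnection(host, port, context=context)

        def execute(self, method, params):
            # POST the JSON-encoded parameters to /das5/rest/<method>
            data = json.dumps(params)
            self.conn.request("POST", self.app_context + method, data, self.headers)
            response = self.conn.getresponse()
            data = response.read()
            # The reply is a JSON object; decode it into a dict
            return json.loads(data.decode('utf-8'))

        def close(self):
            self.conn.close()
            self.conn = None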
Initialize DualShield Variables
    host = 'dualshield.deepnetlabs.com'
    port = 8071
    keyFile = 'apikey.pem'
    certFile = 'apicert.pem'
    domainname = 'deepnetlabs.com'
Replace the values of these variables with your own.
host: the host name (FQDN) of your DualShield server
port: the port number of the DualShield authentication server
keyFile: Your agent's private key file
certFile: Your agent's certificate file
domainname: The name of the domain that your agent is connected to
Create a Test Class
    import unittest

    class TestDualShield(unittest.TestCase):
        def setUp(self):
            # Open one connection per test, using the variables defined above
            self.auth = DualShield(host, port, keyFile, certFile)

        def tearDown(self):
            self.auth.close()
Check the Connection
Call the "Hello" method in DualShield to check the connection.
        # method of TestDualShield
        def test_1_hello(self):
            r = self.auth.execute("auth/hello", {})
            self.assertEqual(r['error'], 0)
Static Password Authentication
The authentication method for verifying Static Password is "SPASS".
        # method of TestDualShield
        def test_2_staticpass(self):
            # log on with the 'static password' credential
            # (Python 3: input() replaces raw_input())
            username = input('Please enter your login name:')
            password = input('Please enter your AD password:')
            params = {
                'user': {'loginName': username, 'domain.name': domainname},
                'credential': {'method': 'SPASS', 'password': password}
            }
            r = self.auth.execute("auth/verify", params)
            self.assertEqual(r['error'], 0, r['message'])
One-Time Password Authentication
The authentication method for verifying One-Time Password is "OTP".
        # method of TestDualShield
        def test_3_verifySafeID(self):
            # username was undefined in this test; prompt for it as the other tests do
            username = input('Please enter your login name:')
            otp = input('Please enter your SafeID OTP:')
            params = {
                'user': {'loginName': username, 'domain.name': domainname},
                'credential': {'method': 'OTP', 'otp': otp}
            }
            r = self.auth.execute("auth/verify", params)
            self.assertEqual(r['error'], 0, r['message'])
Deliver On-Demand Password
To deliver an on-demand password to a user via email message (SMTP):
        # method of TestDualShield
        def test_4_sendOTP(self):
            username = input('Please enter your login name:')
            params = {
                'user': {'loginName': username, 'domain.name': domainname},
                'options': {'channel': 'SMTP'}
            }
            r = self.auth.execute("auth/sendOTP", params)
            self.assertEqual(r['error'], 0, r['message'])
On-Demand Password Authentication
The authentication method for verifying On-Demand Password is "OTPoD".
        # method of TestDualShield
        def test_5_verifyODP(self):
            username = input('Please enter your login name:')
            otp = input('Please enter your OTP:')
            params = {
                'user': {'loginName': username, 'domain.name': domainname},
                'credential': {'method': 'OTPoD', 'otp': otp}
            }
            r = self.auth.execute("auth/verify", params)
            self.assertEqual(r['error'], 0, r['message'])
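A fail-closed wrapper around the auth/verify calls above, as an added example that is not part of the original page or DualShield's own code: it builds a TLS context that verifies the server as well as presenting the agent certificate, builds the request body for the three methods shown, and accepts a reply only when it is a JSON object whose error is 0. The function names, the ca_file parameter and the sample replies are assumptions introduced here.

```python
import json
import ssl

# Credential field that carries the secret for each method shown on this page.
SECRET_FIELD = {"SPASS": "password", "OTP": "otp", "OTPoD": "otp"}


def make_client_context(cert_file=None, key_file=None, ca_file=None):
    """TLS context for the agent: verifies the server, presents the agent cert."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + host name check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def build_verify_params(login_name, domain, method, secret):
    """Build the auth/verify body; reject methods this page does not describe."""
    if method not in SECRET_FIELD:
        raise ValueError("unsupported method: %r" % method)
    if not login_name or not secret:
        raise ValueError("login name and secret are required")
    return {
        "user": {"loginName": login_name, "domain.name": domain},
        "credential": {"method": method, SECRET_FIELD[method]: secret},
    }


def is_authenticated(raw_body):
    """Fail closed: only a JSON object whose 'error' is the integer 0 succeeds."""
    try:
        reply = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, AttributeError):
        return False
    if not isinstance(reply, dict):
        return False
    error = reply.get("error")
    # bool is a subclass of int in Python, so exclude False explicitly.
    return isinstance(error, int) and not isinstance(error, bool) and error == 0


if __name__ == "__main__":
    # Constructed sample replies, not captured from a real DualShield server.
    for body in (b'{"error": 0}', b'{"error": 1, "message": "x"}', b"<html>"):
        print(body, "->", is_authenticated(body))
```

Pass the context to HTTPSConnection(host, port, context=...) and hand the bytes from response.read() to is_authenticated, so that a truncated, non-JSON or unexpected reply is treated as a denial rather than raising or being read as success.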
...